Description
Graylog is a free and open log management platform. Starting with 6.1, HTTP Inputs can be configured to check if a specified header is present and has a specified value to authenticate HTTP-based ingestion. Unfortunately, even though in cases of a missing header or a wrong value the correct HTTP response (401) is returned, the message will be ingested nonetheless. To mitigate the vulnerability, disable http-based inputs and allow only authenticated pull-based inputs. This vulnerability is fixed in 6.1.9.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-q7g5-jq6p-6wvx
Scores
CVSS v3
6.5
EPSS
0.0008
EPSS Percentile
22.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-285
Status
published
Products (2)
graylog/graylog
6.1.0 - 6.1.9
org.graylog2/graylog2-server
6.1.0 - 6.1.9Maven
Published
Apr 07, 2025
Tracked Since
Feb 18, 2026